A hack targeted the Direct Enrollment pathway, which allows insurance agents and brokers to help consumers sign up for Affordable Care Act coverage.
Link: https://threatpost.com/obamacare-sign-up-channel-breach-affects-75k-consumers/138482/
Tag: Hacks
Critical Bug Impacts Live555 Media Streaming Libraries
A critical streaming bug impacts Live Networks LIVE555 RTSPServer, but not the popular VLC and MPLayer client-side software.
Link: https://threatpost.com/critical-bug-impacts-live555-media-streaming-libraries/138477/
Trivial Post-Intrusion Attack Exploits Windows RID
Simple technique enables attackers to leverage Windows OS component to maintain stealth and persistence post system compromise.
Link: https://threatpost.com/trivial-post-intrusion-attack-exploits-windows-rid/138448/
New APT Could Signal Reemergence of Notorious Comment Crew
A custom malware used in a five-pronged APT espionage campaign was largely built from the defunct Comment Crew’s proprietary code.
Link: https://threatpost.com/new-apt-could-signal-reemergence-of-notorious-comment-crew/138440/
Tumblr Privacy Bug Could Have Exposed Sensitive Account Data
Tumblr stressed that there is no evidence the security bug was being abused or that unprotected account data was accessed.
Link: https://threatpost.com/tumblr-privacy-bug-could-have-exposed-sensitive-account-data/138415/
GreyEnergy Spy APT Mounts Sophisticated Effort Against Critical Infrastructure
The group is a successor to BlackEnergy and a subset of the TeleBots gang–and its activity is potentially a prelude to a much more destructive attack.
Podcast: A Utility Ransomware Attack Post-Hurricane
A “critical water utility” was hit by a recent ransomware attack, significantly impeding the service in the week after Hurricane Florence hit the East Coast of the U.S. The Onslow Water and Sewer Authority (ONWASA) said in a Monday release that a “sophisticated ransomware attack… has left the utility with limited computer capabilities.” While customer data […]
Link: https://threatpost.com/podcast-a-utility-ransomware-attack-post-hurricane/138391/
Multiple D-Link Routers Open to Complete Takeover with Simple Attack
The vendor only plans to patch two of the eight impacted devices, according to a researcher.
Link: https://threatpost.com/multiple-d-link-routers-open-to-complete-takeover-with-simple-attack/138383/
Remote Code Implantation Flaw Found in Medtronic Cardiac Programmers
The flaw impacted patients with pacemakers, implantable defibrillators, cardiac resynchronization devices and insertable cardiac monitors.
Link: https://threatpost.com/remote-code-implantation-flaw-found-in-medtronic-cardiac-programmers/138363/
Anthem, Apple and the Pentagon: A Data-Breach Cornucopia
A record fine and two new compromises kick off the autumn compromise season.
Link: https://threatpost.com/anthem-apple-and-the-pentagon-a-data-breach-cornucopia/138326/